The guy beat you to it in 1996

I did, but mostly because I already have a bunch of stuff set up and it’s not going to change the costs any.

What you might call a stateful NAT is really a 1-1 NAT, anything going out picks up an IP and anything retuned to that IP is routed back to the single address behind the NAT. Most home users a many to one source nat so their internal devices pick up a routable IP and multiple connections to a given dest are tracked by a source port map to route return traffic to the appropriate internal host.

Basically yes to what you said, but a port forward technically is a route map inbound to a mapped IP. You could have an ACL or firewall rule to control access to the NAT but in itself the forward isn’t a true firewall allow.

Same basic result but if you trace a packet into a router without a port forward it’ll be dropped before egress rather than being truly blocked. I think where some of the contention lies is that routing between private nets you have something like:

0.0.0.0/0 > 192.168.1.1 10.0.0.0/8 > 192.168.2.1

The more specific route would send everything for 10.x to the .2 route and it would be relayed as the routing tables dictate from that device. So a NAT in that case isn’t a filter.

From a routable address to non-route 1918 address as most would have from outside in though you can’t make that jump without a map (forward) into the local subnet.

So maybe more appropriate to say a NAT ‘can’ act as a firewall, but only by virtue of losing the route rather than blocking it.

NAT in the sense used when people talk about at home is a source nat, or as we like to call it in the office space a hide address, everyone going to the adjacent net appears to be the same source IP and the system maintains a table of connections to correlate return traffic to.

The other direction though, if you where on that upstream net and tried to target traffic towards the SNAT address above the router has no idea where to send it to unless there’s a map to designate where incoming connections need to be sent on the other side of the NAT so it ends up being dropped. I suppose in theory it could try and send it to everyone in the local side net, but if you get multiple responses everything is going to get hosed up.

So from the perspective of session state initiation it can act as a firewall since without route maps it only will work from one side.

Assuming it’s not a 1-1 NAT it does make for a functional unidirectional firewall. Now, a pure router in the sense of simply offering a gateway to another subnet doesn’t do much, but the typical home router as most people think of it is creating a snat for multiple devices to reach out to the internet and without port forwarding effectively blocks off traffic from the outside in.

The model here needs tuning, it hasn’t managed to mimick coherent human language yet.

There are filtered keywords and filtered websites options on Voyager, would try playing with those.

Quit with the shilling plebbit, nobody wants an unmoderated 4chan clone.

Indeed they do use 11x but it’s still a possibility to cause issues. It’s entirely possible to manage a fleet of IPs across a net but it takes a solid plan organization plan. My company is big on the acquiring companies game where IP overlaps are a perpetual challenge when merging sites in and you need a mess of snat/dnat conversions to keep routing from getting in a knot.

While handy on a personal net, on a larger corporate net this isn’t practical and even adds a security risk. By having servers request leases you run the chance that someone gets into a segment, funds the ARP association for an IP/MAC combo and can take over a server’s spot simply by spoofing their own MAC to match at the time of lease renewal.

In the post above about setting a static address in two spots that in itself isn’t required either. So long as there are no duplicates you would just set the static address on the end device, then the network will sort it out with ARP ‘who has’ requests in local segments, or routing in the case of distinct subnets.

Edit: the duplicate I suppose could be referring to putting names into a DNS registry, in which case yes you would need that double entry, or just reference things by IP if the environment is small enough for it to be practical.

I’ve used plenty of them with no problems for years. Just so long as you have redundancy in place like a good RAID setup there’s little risk of losing anything.

Did you happen to unplug the external drive when it was moved? Could wonder if the device ID got changed and the server can’t find the old location for the library any longer.

.world is hardly the home of the tankie, what you see might be posts from lemmy.ml

There are two other places known as lemmygrad and hexbear that are outright communist/tankie that you’ll see occasionally brigade when someone posts anything positive about the USA.

This and most others are pretty sane. One that comes to mind for what you’re asking particularly might be https://slrpnk.net/signup who seem kind of left but not Stalin left.

Otherwise there’s the join Lemmy link at the bottom of any given instance to look through.

That last part sounds like grand idea, and likely not too hard to do on the client side. Perhaps just a way to sort things by tagging a comm with some flag and all the ones with a specific flag show up in a custom feed. That way even if the names are not quite the same you could create these merged comms to read from.

The hard part there would be posting, you would want some kind of easy way to send a new post to a specific one, but I can’t say having a ‘post to all’ would be a good idea, that sounds like a spam poster’s best friend.

Nice try haxor…

Generally yes, but it can be useful as a learning thing. A lot of my homelab use is for purposes of practicing with different techs in a setting where if it melts down it’s just your stuff. At work they tend to take offense of you break prod.

I’ve used MinIO as the object store on both Lemmy and Mastodon, and in retrospect I wonder why. Unless you have clustered servers and a lot of data to move it’s really just adding complexity for the sake of complexity. I find that the bigger gains come from things like creating bonded network channels and sorting out a good balance in the disk layout to keep your I/O in check.

The point isn’t to make people infuriated/sick…

Open version called vault warden lets you put 2FA in the app. That said, I’m not of the camp that wants to put their password and code generator in the same place so I still use Aegis for the tokens.

Sneezing when I eat too much, typically 3 times.